MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6237b5f8b6ee20c3fad9463266a4a7c787f2738f71dc81792cd6a0efe38b8685. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


CobaltStrike


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6237b5f8b6ee20c3fad9463266a4a7c787f2738f71dc81792cd6a0efe38b8685
SHA3-384 hash: 9b2892344bee3e8b96864255fead0bc04fbb00a7d004b2ccfeb1306207ef07dcbca622593c94445439ac08d25c418224
SHA1 hash: 3db443bb82da10f856a8d31343d5086971880eff
MD5 hash: ae528a25c510c766bddf1ea6db36b5a8
humanhash: oklahoma-william-tennis-thirteen
File name:ae528a25c510c766bddf1ea6db36b5a8.exe
Download: download sample
Signature CobaltStrike
Create hunting rule
File size:19'456 bytes
First seen:2022-11-22 14:49:12 UTC
Last seen:2023-05-13 22:49:51 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 147442e63270e287ed57d33257638324 (143 x CobaltStrike, 21 x Cobalt Strike)
ssdeep 192:XV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2TKfZmmxR/czWF8qa1Dojjgi:BqaCF31cix+Dc4zjvZmmxRzFF46gi
Threatray 280 similar samples on MalwareBazaar
TLSH T18A92DA3FE71368E9C106D57845FB3732DCB13DB386B7971E1724D2B42E106A46EAA910
TrID 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
26.1% (.EXE) Win64 Executable (generic) (10523/12/4)
12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.1% (.ICL) Windows Icons Library (generic) (2059/9)
5.0% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter abuse_ch
Tags:CobaltStrike exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
419
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
ae528a25c510c766bddf1ea6db36b5a8.exe
Verdict:
No threats detected
Analysis date:
2022-11-22 14:55:02 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/d9ff580c-c06b-47d4-8d41-b4cae446eef6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/337273/
Detection(s):
Win.Trojan.CobaltStrike-9044898-1
Create hunting rule

Win.Trojan.CobaltStrike-7899871-1
Create hunting rule

Win.Countermeasure.LoaderWinGeneric-9804845-2
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending an HTTP GET request
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug
Link:
https://www.filescan.io/uploads/637ce19ee64742f53c108e58/reports/60e46936-9c48-45f8-b48e-6e20a7c5f527/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Cobalt Strike
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/12775543-5597-4aa0-8b22-bd58e123ae42
Result
Threat name:
CobaltStrike
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1119001
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Contains functionality to detect sleep reduction / modifications
Detected unpacking (creates a PE file in dynamic memory)
Found API chain indicative of debugger detection
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Uses known network protocols on non-standard ports
Yara detected CobaltStrike
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6237b5f8b6ee20c3fad9463266a4a7c787f2738f71dc81792cd6a0efe38b8685/
Threat name:
Win64.Backdoor.CobaltStrike
Create hunting rule
Status:
Malicious
First seen:
2022-11-22 14:50:09 UTC
File Type:
PE+ (Exe)
AV detection:
23 of 26 (88.46%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mi33l6fw5yqmh6wziyzgnjfhy6d7e44pohoic6jm22qo7y4lq2cq._file
Verdict:
malicious
Label(s):
cobaltstrike
Create hunting rule
Similar samples:
2c26464d290b7a98e0be6ca6f5b4c2379b554b06a67b1a71a2b31c7847347f03
CobaltStrike
8197a053d24a8e909e329029d73d9a4b50f9cac6f479f9b6ea70a76c3a3cbda7
CobaltStrike
96f1143875956621e590d05da84a3b75d498ecbf6afda44208894c2f51a8464b
CobaltStrike
a55dbb26705b65000f18861cc6878dd5b95288f43b2b7a18c1a5131279bfa9b2
CobaltStrike
b239b5d05aba2f98cbc955c1b88884495db53f5b3a3381b94db1aa76e3ed67a1
CobaltStrike
dc6db1dd01f2d94059b56eb474503a7ee974a507fe96c5a33481fafdcb4d04da
CobaltStrike
+ 270 additional samples on MalwareBazaar
Result
Malware family:
cobaltstrike
Create hunting rule
Score:
  10/10
Tags:
family:cobaltstrike backdoor trojan
Link:
https://tria.ge/reports/221122-r7kwqabc8z/
Behaviour
Cobaltstrike
Unpacked files
SH256 hash:
6237b5f8b6ee20c3fad9463266a4a7c787f2738f71dc81792cd6a0efe38b8685
MD5 hash:
ae528a25c510c766bddf1ea6db36b5a8
SHA1 hash:
3db443bb82da10f856a8d31343d5086971880eff
Link:
https://www.unpac.me/results/3b729a78-08b6-4e13-893f-80fb55baaf90/
Malware family:
CobaltStrike
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/6237b5f8b6ee/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6237b5f8b6ee20c3fad9463266a4a7c787f2738f71dc81792cd6a0efe38b8685

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CobaltStrike

Executable exe 6237b5f8b6ee20c3fad9463266a4a7c787f2738f71dc81792cd6a0efe38b8685

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2315556/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/337273/

Comments